Hi guys, I have installed OpenLDAP on Debian lenny as described here, "http://www.debuntu.org/ldap-server-and-linux-ldap-clients", for both the LDAP server and the LDAP client on 192.168.1.192. Now I can do normal LDAP successfully, but I would like to do secure LDAP and LDAP replication too. "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)" is the error I got stuck with when I followed this link for the replication and SSL/TLS part: "http://wiki.ucc.asn.au/LDAP/LazySysadmin#Replication"

Regarding this error, "TLS: hostname (192.168.1.192) does not match common name in certificate (192.168.1.192).", I think maybe I can't sign the certificate using the IP address of the LDAP server as the common name. By the way, I really have no idea how to solve "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)". Does anyone know how to solve this?

Thanks
NeverLand.

bathory

03-05-2010 01:14 AM

Hi,

The error means that either slapd is not running, or it's behind a firewall that's blocking access to port 389.

Regards

neverland

03-05-2010 01:42 AM

Quote:

Originally Posted by bathory
(Post 3886536)

Hi,

The error means that either slapd is not running, or it's behind a firewall that's blocking access to port 389.

Hi, here is the log after I tried to redo the cert using the hostname instead of the IP address.
BTW: I got this error instead: "TLS: peer cert untrusted or revoked (0x42)"
ldap_err2string
But this error, "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)", is still the same.